OUHSC Information Technology Department


Home  |  Online Help  |  Policies  |  Tier Ones

Cybersecurity Incident Reporting and Respone Policy:

Supporting documents: Full policy

All suspected information security incidents must be reported promptly to the appropriate university office or party.

What to Report

  • Any event in which access to University data might have been gained by an unauthorized person
  • Any event in which a device containing University information has (or might have been) lost, stolen or infected with malicious software (viruses, Trojans, etc.)
  • Any event in which an account belonging to a person that has access to the data might have been compromised or the password shared with unauthorized person (responding to phishing emails, someone shoulder surfing and writing down your password, etc.)
  • Any attempt to physically enter or break into a secure area where University data is or might be stored
  • Any other event in which University data has been or might have been lost or stolen
  • Any event in which University information system policies, standards, or practices are violated

How to Report

Delegated Authority for Information Security Incidents

Area of Responsibility

Contact Information

Information Security

All information, information systems, and infrastructure technology except for the areas specifically listed below.

IT-Security@ouhsc.edu
405-271-2476

HIPAA Security Officer

Electronic PHI for OUHSC Healthcare Components

Valerie Golden
405-271-8001 x46456

FERPA Official

Incidents involving student information protected by the Family Educational Rights and Privacy Act (FERPA)

Lori-Klimkowski@ouhsc.edu
Registrar, Office of Admissions & Records 405-271-2359 x48900

PCI Compliance Official

Incidents involving payment card data and information systems.

Kenneth Reed
405-271-2644 x50300

Last Updated: 04/24/2018